keytool error: java.lang.Exception: Input not an X.509 certificate

Question

I am trying to import Gmails smtp certificate for use with Jira, but I get this error when importing using Javas keytool.

I used openssl to get the certificate, everything between ----Begin Certificate---- and ----End Certificate---- (inclusive). I also attempted to create an x.509 certificate using Windows Certificate Manager, but still get this error. I have verified that there are no extra whitespaces in the file.

I have seen many people with this problem online, but none of the solutions seem to work for me. Any help would be appreciated.

Thanks

Answer 1

openssl x509 -outform der -in foo.pem -out foo.der

Then use the DER-encoded output certificate.

Answer 2

The answer is correct but be sure to INCLUDE the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- in the copy/paste. This command will then work:

openssl x509 -outform der -in gmail.pem -out gmail.der

and then you do:

sudo keytool -import -file gmail.der -keystore $JAVA_HOME/jre/lib/security/cacerts -trustcacerts

Answer 3

Unfortunately, openssl didn't work for me.

unable to load certificate 2740:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:./crypto/as n1/tasn_dec.c:1294: 2740:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:./ crypto/asn1/tasn_dec.c:380:Type=X509_CINF 2740:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 e rror:./crypto/asn1/tasn_dec.c:749:Field=cert_info, Type=X509 2740:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:./crypto/pem/pem_oth .c:83:

Used this knowledge base and success followed.

https://knowledge.verisign.ch/support/code-signing-support/index?page=content&id=SO18659&actp=search&viewlocale=en_US&searchid=1343045026667